Configure CUPS to allow network printing only from LDAP users

Started by araruna, 29 August 2008, 15:34

araruna

Folks, I've got a problem!!!   :-\
I want to configure my CUPS server so that it only allows network printing from a certain range of IPs, and only from local and LDAP users.
I've already managed to get CUPS to print a test page when I log in remotely through Firefox, but I can't get the local CUPS to send jobs to the server...
The local one always says it couldn't do something or that something failed...

This is my error_log (just the end):
Quote:
D [29/Aug/2008:15:10:03 -0300] Report: stringpool-alloc-bytes=8472
D [29/Aug/2008:15:10:03 -0300] Report: stringpool-total-bytes=9056
D [29/Aug/2008:15:14:25 -0300] cupsdAcceptClient: 7 from localhost (Domain)
D [29/Aug/2008:15:14:25 -0300] Report: clients=1
D [29/Aug/2008:15:14:25 -0300] Report: jobs=0
D [29/Aug/2008:15:14:25 -0300] Report: jobs-active=0
D [29/Aug/2008:15:14:25 -0300] Report: printers=2
D [29/Aug/2008:15:14:25 -0300] Report: printers-implicit=0
D [29/Aug/2008:15:14:25 -0300] Report: stringpool-string-count=473
D [29/Aug/2008:15:14:25 -0300] Report: stringpool-alloc-bytes=8472
D [29/Aug/2008:15:14:25 -0300] Report: stringpool-total-bytes=9056
D [29/Aug/2008:15:14:25 -0300] cupsdReadClient: 7 OPTIONS * HTTP/1.1
D [29/Aug/2008:15:14:25 -0300] cupsdAuthorize: No authentication data provided.
D [29/Aug/2008:15:14:25 -0300] encrypt_client: 7 Connection from localhost now encrypted.
D [29/Aug/2008:15:14:25 -0300] cupsdReadClient: 7 POST / HTTP/1.1
D [29/Aug/2008:15:14:25 -0300] cupsdAuthorize: No authentication data provided.
D [29/Aug/2008:15:14:25 -0300] CUPS-Get-Printers
D [29/Aug/2008:15:14:25 -0300] cupsdProcessIPPRequest: 7 status_code=0 (successful-ok)
D [29/Aug/2008:15:14:25 -0300] cupsdAcceptClient: 9 from localhost:631 (IPv4)
D [29/Aug/2008:15:14:25 -0300] cupsdReadClient: 9 OPTIONS * HTTP/1.1
D [29/Aug/2008:15:14:25 -0300] cupsdAuthorize: No authentication data provided.
D [29/Aug/2008:15:14:25 -0300] encrypt_client: 9 Connection from localhost now encrypted.
D [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: 7
I [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: SSL shutdown successful!
D [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: 7
D [29/Aug/2008:15:14:25 -0300] cupsdReadClient: 9 GET /printers/LaserJet-M1120-MFP.ppd HTTP/1.1
D [29/Aug/2008:15:14:25 -0300] cupsdAuthorize: No authentication data provided.
D [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: 9
I [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: SSL shutdown successful!
D [29/Aug/2008:15:14:25 -0300] cupsdCloseClient: 9

This is the server's cupsd.conf:
Quote:
#
#
#   Sample configuration file for the Common UNIX Printing System (CUPS)
#   scheduler.  See "man cupsd.conf" for a complete description of this
#   file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel warning

# Administrator user group...
SystemGroup lpadmin

# Listen for connections on port 631 on all interfaces and on the local domain socket.
Listen *:631
Listen /var/run/cups/cups.sock
#SSLListen 443

# Show shared printers on the local network.
Browsing On

BrowseTimeout 120
BrowseInterval 30

BrowseOrder deny,allow
BrowseAllow @LOCAL
BrowseAllow from *.lia.ufc.br:631
BrowseAllow from */255.255.255.0
BrowseAddress @LOCAL

BrowseLDAPServer localhost
BrowseLDAPDN ou=pargo,dc=lab2
BrowseLDAPPassword *senha*

JobRetryLimit 4
MaxClients 13
MaxCopies 5
MaxJobsPerUser 15

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow localhost
  Allow @LOCAL
</Location>

<Location /printers>
  Order deny,allow
  Allow localhost
  Allow @LOCAL
  Allow From 200.19.177.*

  Require user @pargo @SYSTEM
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order deny,allow
  Allow localhost
  Require user barriga root @admin @root
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
    AuthType Basic
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

#
#

#
# Printcap: the name of the printcap file.  Default is /etc/printcap.
# Leave blank to disable printcap file generation.
#

Printcap /var/run/cups/printcap

#
# PrintcapFormat: the format of the printcap file, currently either
# BSD or Solaris.  The default is "BSD".
#

#PrintcapFormat BSD
#PrintcapFormat Solaris

#
# PrintcapGUI: the name of the GUI options panel program to associate
# with print queues under IRIX.  The default is "/usr/bin/glpoptions"
# from ESP Print Pro.
#
# This option is only used under IRIX; the options panel program
# must accept the "-d printer" and "-o options" options and write
# the selected printer options back to stdout on completion.
#

#PrintcapGUI /usr/bin/glpoptions

I'm trying to print from a Gutsy machine to a Feisty one...
I'd like to know what I have to do to get everything working...

Thanks.

Josely

Hello, friend!

Look for the <Location /> and <Location /printers> sections in your cupsd.conf and change the following:

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.0.* # this line holds the IP range you want to be able to print; any IP outside this range will not be able to print
</Location>

<Location /printers>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.0.* # here too you must give the IP range
</Location>

NOTE: in your cupsd.conf access is open for anyone to print; with the changes above, only the machines that have the IPs you define will be able to print, the others will be left out, that is, they won't even see the printer.

If anything comes up, post the result.

araruna

I put something similar to what you said in the configuration above:
Quote:
<Location /printers>
  Order deny,allow
  Allow localhost
  Allow @LOCAL
  Allow From 200.19.177.*

  Require user @pargo @SYSTEM
</Location>

Restricting access by IP I know how to do; the problem is restricting printing to only the LDAP users, because not everyone should be able to print.
Thanks for the help.

Can anyone else suggest something?

Josely

Have you tried putting in only the IPs that you want to be able to print? Try doing that.
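
An added example, not part of any post in this thread: a simplified Python model of how cupsd's `Order`/`Allow`/`Deny` lines decide on a client address, run over constructed copies of the two `<Location /printers>` blocks posted above. The `local_nets` value standing in for `@LOCAL` and the outside test address 203.0.113.5 are assumptions; only the address check is modelled, not authentication.

```python
import fnmatch
import ipaddress

# Constructed copies of the two <Location /printers> bodies from the thread.
ASKER = """\
Order deny,allow
Allow localhost
Allow @LOCAL
Allow From 200.19.177.*
Require user @pargo @SYSTEM
"""
REPLY = """\
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.0.*
"""

def parse(block):
    """Collect Order, Allow/Deny patterns and Require from a Location body."""
    rules = {"order": None, "allow": [], "deny": [], "require": []}
    for line in block.splitlines():
        key, *args = line.split("#", 1)[0].split() or [""]
        key = key.lower()
        if key == "order":
            rules["order"] = args[0].lower()
        elif key in ("allow", "deny"):  # the posts write Allow with and without "From"
            rules[key] += [a.lower() for a in args if a.lower() != "from"]
        elif key == "require":
            rules["require"] = args
    return rules

def matches(ip, patterns, local_nets):
    """True if ip matches any pattern: All, localhost, @LOCAL or a wildcard IP."""
    addr = ipaddress.ip_address(ip)
    return any(
        p == "all"
        or (p == "localhost" and addr.is_loopback)
        or (p == "@local" and any(addr in ipaddress.ip_network(n) for n in local_nets))
        or fnmatch.fnmatchcase(ip, p)
        for p in patterns)

def address_allowed(rules, ip, local_nets=("200.19.177.0/24",)):
    """Address check only; local_nets is an assumed stand-in for @LOCAL."""
    allow = matches(ip, rules["allow"], local_nets)
    deny = matches(ip, rules["deny"], local_nets)
    if rules["order"] == "deny,allow":  # default allow: Deny first, Allow overrides
        return allow or not deny
    return allow and not deny           # allow,deny: default deny, Deny overrides
```

Under this model the first block's address lines admit every client because `Order deny,allow` defaults to allow and there is no `Deny` line, so only its `Require user` line restricts anything. The second block filters by address but carries no `Require` line, so it places no restriction on which user prints.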